Segmentados Administración sistemas y redes TI

With the industrial revolution of Industry 4.0, industrial processes have become more intelligent, and this has led to the deployment of a greater number of devices. All these deployments usually have a common point, being the gateways, which, after being deployed, are responsible for the translation of some protocols to the TCP/UDP frame or simply send the information to the cloud.Being a point that gathers a large amount of data and capable of providing intelligence to industrial processes, industrial gateways have become a very desirable target for attackers.

Technical reporting is one of the most important parts of the completion of a task, as it reflects the results of all the work done. Moreover, it does not only constitute a final deliverable for a customer, or for the decision-makers within an organization, but also acts as the link between the person or team that has carried out the task and the decision-makers, based on the findings.

Currently, there is a constant evolution in the technologies and implementations made in Industrial Control Systems. On one hand, some of the most common implementations for the improvement of industrial systems infrastructures are digitalization and the use of cloud technology. On the other hand, the increase in communication protocols and IIoT devices (due to the growth of the Industry 4.0) generates a large volume of traffic that is difficult to control and secure.

The TETRA (Terrestrial Trunked Radio) network is a standard developed in Europe in the 1990s by ETSI (European Telecommunications Standards Institute), whose emergence came because of the management of telephone communications for extreme cases, in which standard communication via mobile might not work properly. Therefore, it can be considered as an alternative network for communications with emergency and security services to be always operational. TETRA unifies different digital radio interface alternatives for communications and serves as a standard for the construction of private mobile networks or PMR (Private Mobile Radio).

There are areas where the deployment of an industrial plant requires satellite communications such as those provided by VSAT (Very-Small-Aperture Terminal) technology. This technology allows the exchange of information through an antenna made up of different terminals, installed in remote locations with the connection capacity of a central hub, thanks to a satellite. Obviously, this technology has a cost that not all companies can afford, but it covers coverage needs in places where there are no other communication options. This type of communications is not only widespread in the industry, but its also sometimes used by banks to perform banking transactions at ATM’s. These communications are not so well known by many experts in the industrial sector, and it can be a good opportunity to bridge the knowledge gap so that readers can learn more about the advantages and disadvantages of VSAT communications.

The proliferation of cybersecurity incidents in industrial environments has given rise to a huge concern in the various existing sectors. Some of them, such us the energy sector, are choosing the path taking in the banking sector with the TIBER-EU framework. In addition, many governments are allocating large sums of money to their government agencies to develop strategic plans in which that exercises are included

Confrontations between countries no longer only take place in the physical world, in this new decade, these confrontations also move to the cyber world. The conflict between Russia and Ukraine is one of the clearest examples. Among the events that have taken place is the security incident known as Industroyer2, which affected an electrical supplier in Ukraine. The Industroyer2 is the evolution of its predecessor, the malware known as Industroyer, which was able to affect multiple protocols of industrial control systems during its execution. This new variant of the malware focuses on a particular communications protocol, IEC-104, which is widely used in Europe and the Middle East to monitor and control the power system via the TCP/IP communications protocol.

The programming of PLCs is a fundamental part of the initial phases when building and designing industrial plants. About that environment, the company will base all its operations in that environment making the configuration of these controllers a critical element. When it comes to programming these devices there are a series of steps and best practices that take advantage of the native functionalities available and that involve little or no need to resort to a PLC programmer, protecting the device in a simple way with minimum spend on resource.

Organisations are exposed to the consequences of cyber threats, and may be ill-prepared to face and manage cyber incidents, whether provoked or unprovoked. For this reason, in 2014 INCIBE launched its Indicators for the Improvement of Cyber Resilience (IMC) model, with the aim of improving and understanding the state of cyber resilience in organisations.

In order to increase security levels in OT networks, there are now solutions that monitor networks, devices and configurations, actively looking for anomalies and possible security flaws and intrusions that could take place. However, there are other types of attacks on ICS that are carried out on a completely different plane, where anomaly analysis systems can’t reach. These are attacks on analog sensors.

Nobelium es la denominación de Microsoft para un grupo de atacantes que, según la atribución llevada a cabo por la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA) de Estados Unidos, pertenecen al Servicio de Inteligencia Exterior (SRV) de Rusia. Este grupo criminal es conocido por el ataque a la cadena de suministro de SolarWinds, y una campaña masiva de phishing haciéndose pasar por una empresa de desarrollo estadounidense.

Demilitarized zones, also known as DMZs (demilitarized zones), are used for the secure exchange of information between computers on a network that we want to protect and an external network that needs to access those computers. DMZs are widely used in the IT sector and also in the OT sector, but the equipment and services they host are not exactly the same.